Author: John Hatcliff
Last revised: 08/29/2015
==================================
Lecture Pre-conditions
==================================
* (none)
==================================
Important Concepts
==================================
* One of the most important steps in designing a safety critical
system is determining the boundary between the "system" to
be implemented (the "engineered space" that we have control
over) and the "environment" (everything outside that boundary,
which the system must take as given and cannot directly control).
* The functional architecture of most safety critical systems
can be described in terms of one or more "control loops".
* A control loop consists of (see diagram in figure 3.2 on page 66
of Engineering a Safer World)
Four main elements: Controller, actuator(s), controlled process, sensor(s).
Additional elements: Control algorithms, set points, controlled
variables, process inputs, disturbances, process outputs, measured
variables
* A sensor is a component that observes the state of the controlled
process (which could be either the system or environment)
Examples:
* Aviation -- Airspeed: Pitot tube
* Medical -- Isolette: Temperature sensor
* Automotive -- wheel speed sensor
* An actuator is a component that can affect the state of the
controlled process (system or environment)
Examples:
* Medical -- PCA Pump: the pump mechanism that pushes drug into the patient's IV line
* Aviation -- Airspeed: Jet engine (thrust)
* Medical -- Isolette: Heater
* A controller is the component which evaluates the state of the
controlled process (e.g., by examining sensor data), considers the
current goals of the system (e.g., as reflected in the set points),
makes decisions about if/how the controlled process needs to be acted
on (controlled) by the system, and sends control commands to actuators
for the purpose of ensuring that the controlled process stays within
desired states.
Examples:
* Automotive: Cruise control algorithm
* Airspeed: Autopilot
* Isolette: Thermostat
* A disturbance is a change to the controlled process that originates
in the environment rather than from the controller's commands (i.e.,
it does not arrive through the actuators). Sometimes the system's
control algorithm can respond to the disturbance and still keep the
controlled process within desired states.
Examples:
* Airspeed: Turbulence
* Isolette: External temperature changes
* Automotive: For cruise control, e.g., strong head winds, car going
up a hill (causing deceleration, which cruise control must correct),
car going down a hill (causing excess acceleration, which cruise
control must correct)
In other cases, a disturbance in the environment may be too great
for the system to overcome. The system may be able to notify an
operator through some sort of alarm in such a case.
Examples:
* Isolette: The isolette could fail to heat the air inside because of
an environmental condition that it itself triggers (e.g., the isolette's
exhaust vent is next to the room's thermostat, so the warm exhaust turns
on the room's air conditioner, and the isolette is then unable to heat
itself sufficiently against the cooled room air)
* Set points are the predefined limits (goals), perhaps configured
by a human operator, that the controlled variables should be kept within.
Examples:
* Automotive Cruise Control: Target speed of 70 MPH
* PCA Interlock: 12 - 20 breaths / min
* Airspeed: 300 - 310 knots
* Isolette: 98.5-99.0 degrees Fahrenheit
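The following simulation is an added example (not from the lecture notes, and not a model of any real isolette) that puts the control-loop elements above into code: a controlled process (IsoletteAir), a sensor (TemperatureSensor), an actuator (Heater), a controller (Thermostat) running a simple control algorithm against the 98.5-99.0 F set points, and disturbances modelled as changes to the room temperature. The thermal model, heater gain, leak rate and the alarm threshold (ALARM_AFTER_STEPS) are all assumed values chosen so the behaviour is easy to see; the three scenarios at the bottom are constructed. It shows the loop absorbing a mild disturbance and raising an alarm when a severe one exceeds what the heater can overcome.

```python
"""Simulated isolette control loop (added example; all gains and thresholds assumed)."""
from dataclasses import dataclass

SETPOINT_LOW_F = 98.5    # set points from the notes: the band the controlled
SETPOINT_HIGH_F = 99.0   # variable (air temperature) must stay within
ALARM_AFTER_STEPS = 30   # assumed: alarm after this many consecutive out-of-band readings


@dataclass
class IsoletteAir:
    """Controlled process: air temperature (F) inside the isolette."""
    temp_f: float
    room_temp_f: float = 72.0   # environment; a change to it is a disturbance
    heater_gain_f: float = 0.4  # assumed: degrees F added per step while heating
    leak_rate: float = 0.01     # assumed: fraction of (air - room) lost per step

    def step(self, heater_on: bool) -> None:
        """Advance one time step: process input from the actuator minus loss to the room."""
        heat_in = self.heater_gain_f if heater_on else 0.0
        heat_out = self.leak_rate * (self.temp_f - self.room_temp_f)
        self.temp_f += heat_in - heat_out


class TemperatureSensor:
    """Sensor: observes the controlled process and returns the measured variable."""
    def read(self, air: IsoletteAir) -> float:
        return round(air.temp_f, 2)   # 0.01 F resolution: measured value != actual value


class Heater:
    """Actuator: the controller's only means of acting on the process."""
    def __init__(self) -> None:
        self.on = False

    def command(self, on: bool) -> None:
        self.on = on


class Thermostat:
    """Controller: compares the measured variable with the set points, commands the
    actuator, and raises an alarm when it cannot keep the process inside the band."""
    def __init__(self, low_f: float, high_f: float, alarm_after: int) -> None:
        self.low_f, self.high_f, self.alarm_after = low_f, high_f, alarm_after
        self.heater_cmd = False
        self.out_of_band_steps = 0
        self.alarm = False

    def decide(self, measured_f: float) -> bool:
        """Control algorithm: bang-bang with hysteresis (keep the last command inside the band)."""
        if measured_f < self.low_f:
            self.heater_cmd = True
        elif measured_f > self.high_f:
            self.heater_cmd = False
        if self.low_f <= measured_f <= self.high_f:
            self.out_of_band_steps = 0
        else:
            self.out_of_band_steps += 1
            if self.out_of_band_steps > self.alarm_after:
                self.alarm = True   # disturbance too great to overcome: notify the operator
        return self.heater_cmd


def run_loop(steps: int, disturbances: dict, start_temp_f: float = 98.7) -> dict:
    """Run the loop for `steps` iterations and summarise how well it held the set points.

    `disturbances` maps a step index to a new room temperature (F): a change in the
    environment that the controller never commanded and cannot directly observe.
    """
    air = IsoletteAir(temp_f=start_temp_f)
    sensor, heater = TemperatureSensor(), Heater()
    controller = Thermostat(SETPOINT_LOW_F, SETPOINT_HIGH_F, ALARM_AFTER_STEPS)
    in_band = 0
    max_out = 0
    for i in range(steps):
        if i in disturbances:
            air.room_temp_f = disturbances[i]
        measured = sensor.read(air)                 # sensor -> measured variable
        heater.command(controller.decide(measured)) # controller -> actuator
        air.step(heater.on)                         # actuator -> controlled process
        if SETPOINT_LOW_F <= measured <= SETPOINT_HIGH_F:
            in_band += 1
        max_out = max(max_out, controller.out_of_band_steps)
    return {
        "final_temp_f": round(air.temp_f, 2),
        "alarm": controller.alarm,
        "in_band_fraction": in_band / steps,
        "max_out_of_band_steps": max_out,
    }


if __name__ == "__main__":
    # Constructed scenarios: a steady room, a mild disturbance the loop absorbs,
    # and a severe one (room driven to 50 F) that the heater cannot overcome.
    print("steady :", run_loop(400, {}))
    print("mild   :", run_loop(400, {200: 65.0}))
    print("severe :", run_loop(400, {200: 50.0}))
```

With the assumed gains the heater can sustain at most 40 F above room temperature, so the mild scenario (room at 65 F) stays within the band with only a few out-of-band steps per cycle, while the severe scenario (room at 50 F) caps the air at about 90 F and the controller's alarm fires once the reading has been outside the band for more than ALARM_AFTER_STEPS consecutive steps.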
* Control loops can be present, not only in the engineered system,
but in the environment/context in which the system operates.
Examples:
* Automotive Cruise Control:
For example, an automobile may be operating in the context of
a country road with a posted speed limit of 55 MPH,
which leads the driver to set the cruise control speed target at 57 MPH.
Then the automobile enters an Interstate Highway where the speed
limit is 75 MPH, which leads the driver to set the cruise
control target speed at 77 MPH (our driver always likes to exceed
the speed limit a bit).
In this outer loop, the "controller" is the driver (along with the
driver's general desire to obey the traffic laws), the "controlled
process" is the car's cruise control function, the "sensor" is the
driver's vision of the speed limit signs and road conditions, and
the "actuator" is the driver's body (hands, fingers) used to
operate the user interface for the cruise control. The cruise
control's own set point is thus an output of the outer loop.
* Reasoning about control loops can form the basis for system safety
assessments (i.e., hazard analyses).
==================================
Lecture Post-conditions
==================================
* Be able to define and give examples of the following terms:
- sensor
- actuator
- controller
- controlled process
- disturbance
- set points
* Be able to draw a diagram representing the structure of a
conventional control loop.
* Be able to identify the components of the control loop(s) from
the Isolette.